Errors when coding X509 attributes - help needed

Errors when coding X509 attributes - help needed

Daniel Diaz Sanchez-2
[Sorry for the prior empty mails I am experiencing some problems with mail]

Hello,

I’m implementing some X509 attributes for an OpenSSL-based X509 attribute
certificates API (will be available when finished). I have some problems
with one attribute; I don't know if I am implementing it correctly or not, so
I need help. Let me present the problem: first the definition (by the IETF)
of the attribute, then the implementation details (declaration and
implementation) and the piece of code that does not work. I would be very
grateful indeed for any help.

-Definition (IETF)

IetfAttrSyntax ::= SEQUENCE {
      policyAuthority [0] GeneralNames    OPTIONAL,
      values          SEQUENCE OF CHOICE {
          octets    OCTET STRING,
          oid       OBJECT IDENTIFIER,
          string    UTF8String
     }
}

-Declaration (.h)

typedef struct IetfAttrSyntax_st {
        GENERAL_NAMES *policyAuthority;
        int type;
        union{
                ASN1_OCTET_STRING *octets;
                ASN1_OBJECT *oid;
                ASN1_UTF8STRING *string;
        }values;
} IetfAttrSyntax;

DECLARE_ASN1_ITEM(IetfAttrSyntax)
DECLARE_ASN1_FUNCTIONS(IetfAttrSyntax)

-Implementation (.c)

ASN1_CHOICE(IetfAttrValues)= {
        ASN1_SIMPLE(IetfAttrSyntax ,values.octets , ASN1_OCTET_STRING ),
        ASN1_SIMPLE(IetfAttrSyntax ,values.oid , ASN1_OBJECT ),
        ASN1_SIMPLE(IetfAttrSyntax ,values.string , ASN1_UTF8STRING )
}ASN1_CHOICE_END_selector(IetfAttrSyntax, IetfAttrValues, type);

ASN1_SEQUENCE(IetfAttrSyntax) = {
        ASN1_OPT(IetfAttrSyntax, policyAuthority, GENERAL_NAMES, 0),
        ASN1_EX_COMBINE(0, 0, IetfAttrValues)
}ASN1_SEQUENCE_END(IetfAttrSyntax);

IMPLEMENT_ASN1_FUNCTIONS(IetfAttrSyntax)
IMPLEMENT_ASN1_DUP_FUNCTION(IetfAttrSyntax)


-Test code

        /* creating a IetfAttrSyntax */
        attr_val2 = IetfAttrSyntax_new();
        attr_val2->policyAuthority = GENERAL_NAMES_new();
        gen = GENERAL_NAME_new();
        gen->type = GEN_DIRNAME;
        gen->d.directoryName = X509_NAME_dup(ident_name);
        sk_GENERAL_NAME_push(attr_val2->policyAuthority,gen);
        attr_val2->type = 0;//V_ASN1_OCTET_STRING;
        if( attr_val2->values.octets == NULL )
                attr_val2->values.octets = ASN1_OCTET_STRING_new();
        ASN1_OCTET_STRING_set(attr_val2->values.octets,data_,24);
        attr_val2 = IetfAttrSyntax_dup(attr_val2); <--- [doesn't work]

        i2d and d2i also don't work (dup depends on them, so that is logical)


I would be very grateful indeed for any help.

Thank you very much!

Dani

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 

Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749
Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
Mail: [hidden email]
[--Remove nospam--]





Re: Errors when coding X509 attributes - help needed

Dr. Stephen Henson
On Mon, Feb 20, 2006, Daniel Díaz Sánchez wrote:

> [Sorry for the prior empty mails I am experiencing some problems with mail]
>
> Hello,
>
> I’m implementing some X509 attributes for an OpenSSL-based X509 attribute
> certificates API (will be available when finished). I have some problems
> with one attribute; I don't know if I am implementing it correctly or not, so
> I need help. Let me present the problem: first the definition (by the IETF)
> of the attribute, then the implementation details (declaration and
> implementation) and the piece of code that does not work. I would be very
> grateful indeed for any help.
>
> -Definition (IETF)
>
> IetfAttrSyntax ::= SEQUENCE {
>       policyAuthority [0] GeneralNames    OPTIONAL,
>       values          SEQUENCE OF CHOICE {
>           octets    OCTET STRING,
>           oid       OBJECT IDENTIFIER,
>           string    UTF8String
>      }
> }
>
> -Declaration (.h)
>
> typedef struct IetfAttrSyntax_st {
> GENERAL_NAMES *policyAuthority;
> int type;
> union{
> ASN1_OCTET_STRING *octets;
> ASN1_OBJECT *oid;
> ASN1_UTF8STRING *string;
> }values;
> } IetfAttrSyntax;
>
> DECLARE_ASN1_ITEM(IetfAttrSyntax)
> DECLARE_ASN1_FUNCTIONS(IetfAttrSyntax)
>
> -Implementation (.c)
>
> ASN1_CHOICE(IetfAttrValues)= {
> ASN1_SIMPLE(IetfAttrSyntax ,values.octets , ASN1_OCTET_STRING ),
> ASN1_SIMPLE(IetfAttrSyntax ,values.oid , ASN1_OBJECT ),
> ASN1_SIMPLE(IetfAttrSyntax ,values.string , ASN1_UTF8STRING )
> }ASN1_CHOICE_END_selector(IetfAttrSyntax, IetfAttrValues, type);
>
> ASN1_SEQUENCE(IetfAttrSyntax) = {
> ASN1_OPT(IetfAttrSyntax, policyAuthority, GENERAL_NAMES, 0),
> ASN1_EX_COMBINE(0, 0, IetfAttrValues)
> }ASN1_SEQUENCE_END(IetfAttrSyntax);
>
> IMPLEMENT_ASN1_FUNCTIONS(IetfAttrSyntax)
> IMPLEMENT_ASN1_DUP_FUNCTION(IetfAttrSyntax)
>
>

There is an attribute certificate ASN1 module in my "play" area on
openssl.org.

At least one problem is the policyAuthority syntax. The GENERAL_NAMES type is
what is known as an item template and you can't apply modifiers to that so the
ASN1_OPT line won't work.

Instead you use the GENERAL_NAME type and declare that as a SEQUENCE OF
IMPLICIT, OPT.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
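
The wire shape that a template for IetfAttrSyntax has to produce and accept, following the ASN.1 definition in the first message and the IMPLICIT [0] tagging from the reply above. This is an added example, not code from the thread or from OpenSSL: a stand-alone DER shape check that makes no OpenSSL calls; `tlv`, `ietf_attr_syntax_check` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Read one DER header at p; returns the content pointer, or NULL if malformed. */
static const uint8_t *tlv(const uint8_t *p, const uint8_t *end,
                          uint8_t *tag, size_t *len)
{
    if (end - p < 2) return NULL;
    *tag = *p++;
    size_t n = *p++;
    if (n & 0x80) {                       /* long form, at most 2 length bytes */
        size_t k = n & 0x7f, i;
        if (k == 0 || k > 2 || (size_t)(end - p) < k) return NULL;
        for (n = 0, i = 0; i < k; i++) n = (n << 8) | *p++;
        if (n < (k == 1 ? 0x80u : 0x100u)) return NULL;  /* DER: minimal length */
    }
    if ((size_t)(end - p) < n) return NULL;
    *len = n;
    return p;
}

/* Returns the entry count of `values`, or -1 if the shape is wrong.
   GeneralName and value contents are not inspected. */
int ietf_attr_syntax_check(const uint8_t *der, size_t derlen, int *has_pa)
{
    const uint8_t *end = der + derlen, *p, *q;
    uint8_t tag; size_t len; int count = 0;
    *has_pa = 0;
    p = tlv(der, end, &tag, &len);
    if (!p || tag != 0x30 || p + len != end) return -1;  /* outer SEQUENCE */
    q = tlv(p, end, &tag, &len);
    if (q && tag == 0xA0) {          /* policyAuthority [0] IMPLICIT, OPTIONAL */
        *has_pa = 1;
        p = q + len;
        q = tlv(p, end, &tag, &len);
    }
    if (!q || tag != 0x30 || q + len != end) return -1;  /* values SEQUENCE OF */
    for (p = q; p < end; p += len, count++) {            /* one CHOICE per entry */
        p = tlv(p, end, &tag, &len);
        if (!p || (tag != 0x04 && tag != 0x06 && tag != 0x0C)) return -1;
    }
    return count;
}
/* Constructed sample: policyAuthority = dNSName "ca.example";
   values = { octets DE AD, oid 1.2.3.4, string "hi" } */
const uint8_t ietf_sample[] = { 0x30,0x1D,
    0xA0,0x0C, 0x82,0x0A,'c','a','.','e','x','a','m','p','l','e',
    0x30,0x0D, 0x04,0x02,0xDE,0xAD, 0x06,0x03,0x2A,0x03,0x04, 0x0C,0x02,'h','i' };
int main(void) {   /* exit status 0 when the sample parses with 3 values */
    int pa;
    return ietf_attr_syntax_check(ietf_sample, sizeof ietf_sample, &pa) == 3 ? 0 : 1;
}
```

An encoding that places a single CHOICE value directly inside the outer SEQUENCE, with no inner SEQUENCE OF, is rejected by this check.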

RE: Errors when coding X509 attributes - help needed

Daniel Diaz Sanchez-2
Dr. Henson,

I am using your ASN1 module, with some modifications to adapt it to
RFC3281. I have been busy, but now I have some time. Let me try your
recommendations in order to correct the ASN1 syntax of the attributes.
I will provide feedback ASAP.

Thank you for your help,

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 

Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749
Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
Mail: [hidden email]
[--Remove nospam to contact--]

> There is an attribute certificate ASN1 module in my "play" area on
> openssl.org.
>
> At least one problem is the policyAuthority syntax. The GENERAL_NAMES type
> is what is known as an item template and you can't apply modifiers to that so
> the ASN1_OPT line won't work.
>
> Instead you use the GENERAL_NAME type and declare that as a SEQUENCE OF
> IMPLICIT, OPT.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk


